By: Brian Binovsky user 29 Sep 2016 at 1:50 p.m. CDT

1 Response
Brian Binovsky gravatar
I have been trying to configure Gluu to connect to an internal OpenLDAP server that requires StartTLS to be enabled. I audited the source code and notice this code: ... SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager()); ... ... FailoverServerSet failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(protocol), connectionOptions); ... In the file: oxCore/oxLdap/src/main/java/org/gluu/site/ldap/ When using SSLUtil I expected (for conditional support of StartTLS) something like Example 2 at this following link: ... StartTLSExtendedRequest startTLSRequest = new StartTLSExtendedRequest(sslContext); ExtendedResult startTLSResult; ... Does Gluu 2.4.4 support cache refresh using StartTLS? I know there is StartTLS functionality in: Shibboleth, but my OpenLDAP configuration does not involve SAML or MS-AD at this time. If StartTLS support is missing from Gluu 2.4.4 should I add a feature request? I have Java code that will enable this feature and I could patch the code in my local build to make Gluu work for my needs. Following up with the rational for requiring StartTLS on the OpenLDAP end: "ldaps:// is deprecated in favor of Start TLS [RFC2830]. OpenLDAP 2.0 supports both."

By Yuriy Movchan staff 29 Sep 2016 at 2:31 p.m. CDT

Yuriy Movchan gravatar
Hi Brian, Thank you about reviewing this part. Please create fork and pull request with your changes. We will review them and merge into master branch. Thank you for your help. Regards, Yuriy